Trusted Access Authentication Technology for Large-Scale Heterogeneous Terminals in a Vehicle Charging Network System

Abstract

A vehicle charging network system has to access large-scale heterogeneous terminals to collect charging pile status information, which may also give malicious terminals an opportunity to access. Though some general access authentication solutions aimed at only allowing trusted terminals have been proposed, they are difficult to work with in a vehicle charging network system. First, among various heterogeneous terminals with significant differences in computing capabilities, there are inevitably terminals that cannot support computations required for cryptography-based access authentication schemes. Second, though access authentication schemes based on device fingerprints are independent of terminal computing capabilities, their authentication performance is weak in robustness and high in overhead. Third, the access authentication delay is huge since the system cannot withstand heavy concurrent access requests from large-scale terminals. To address the above problems, we propose a reliable and lightweight trusted access authentication solution for terminals in the vehicle charging network system. By cloud, edge, and local servers cooperating to execute authentication tasks, our Cloud-Edge-End Collaborative architecture effectively alleviates the authentication delay caused by high concurrent requests. Each server in the architecture deploys our well-designed unified trusted access authentication (UATT) model based on device fingerprints. With ingenious data construction and the powerful swin-transformer network, the UATT model can provide robust and low-overhead authentication services for heterogeneous terminals. To minimize authentication latency, we further design an A2C-based authentication task scheduling scheme to decide which server executes the current task. Comprehensive experiments demonstrate our solution can authenticate terminals with an accuracy higher than 98% while reducing the required data packets by two orders of magnitude, and it can effectively reduce authentication latency.

1. Introduction

As vehicle technology merges with energy, the Internet of Things (IoT), and communication fields, vehicles are developing towards electrification and intelligence. Considering the limited battery power of electric vehicles during long-distance travel, a vehicle charging network system that can provide a real-time travel charging solution will surely appear. Predictably, in order to collect nearby charging piles status information, the system has to allow access to large-scale heterogeneous terminal devices. For example, there are numerous video sensors and smoke sensors to monitor whether the charging environment is safe, voltage and current sensors to detect the power condition of all charging piles, and mobile terminals to activate charging piles for massive users, etc. Since a large number of terminal devices are difficult to monitor, malicious terminals will have the opportunity to access. Once malicious illegal terminals access the system, they can easily crash the charging facility, steal charging vehicles’ information, and even further implant viruses to make vehicles uncontrollable. Though the 5G protocol optimizes identity security by introducing temporary identification [1], malicious illegal devices can still access the system by forging legal identification. Therefore, it is necessary to design a more reliable access authentication scheme for a vehicle charging network system to ensure system security and full function.

Some trusted access authentication schemes have been proposed [2,3,4,5]. However, they are difficult to work in the vehicle charging network system with large-scale heterogeneous terminal access. First, since the vehicle charging network system accesses various heterogeneous terminals, there are inevitably terminals whose computing capabilities are insufficient to support the general access authentication solution based on cryptography (i.e., PKI [6,7]). To provide verification information, terminals need to have the computing capability of encryption and decryption. Unfortunately, some terminals with poor or even no computing capabilities (such as smoke sensors) cannot complete the encryption and decryption. Thus, they may be denied access to sensitive information, which will prevent the system from functioning well. Therefore, it is necessary to design a unified authentication solution for heterogeneous terminals in the vehicle charging network system.

Second, access authentication based on device fingerprint [8] is an available unified solution, but its authentication robustness is relativity poor and the processing overhead is relativity high. Specifically, the device fingerprint can be extracted according to the radio frequency (RF) wireless signal difference caused by the hardware defects inherent in terminal manufacturing. Through identifying the legitimacy of the device fingerprint, the system can decide whether to allow terminal access. Nonetheless, due to the RF wireless signal difference caused by hardware defects is subtle, the fingerprint features extracted under different environments (such as occluded materials and weather conditions) vary greatly. This will inevitably result in poor authentication robustness. Additionally, though the authentication scheme based on device fingerprint eliminates encryption and decryption, the overhead brought by fingerprint identification is still not negligible. This will lead to a high authentication delay required for trusted access.

Third, since there are massive terminals in a vehicle charging network system, all access authentication requests processed by the cloud server will bring huge delay overhead. Specifically, in order to meet the charging needs of all electric vehicle users, the number of charging piles provided in the vehicle charging network system is huge. Correspondingly, the amount of terminals that need to access the system is even greater. This means that highly concurrent access authentication requests will widely exist in the system. In this case, the centralized authentication request processing architecture that is authenticated locally by the system or delivers all the device fingerprints to the cloud server for identification will bring a huge authentication waiting overhead.

To address the above challenges, we propose a trusted access authentication solution based on end-edge-cloud collaboration for the terminals in a vehicle charging network system. Our solution provides an efficient and reliable device identification method for large-scale heterogeneous terminals in the system, and only allows the identified legal terminals access to ensure the vehicle charging network system’s security. Specifically, our contributions are listed as follows:

(1) End-Edge-Cloud Collaborative Authentication Framework. To alleviate the non-negligible authentication waiting latency when large-scale heterogeneous terminals concurrently access requests in a vehicle charging network system, we propose an End-Edge-Cloud Collaboration framework. Through the cooperation of local servers, edge servers, and one center cloud server jointly executing access requests from massive terminals, the framework can provide efficient and reliable access authentication services for large-scale terminals. This effectively improves the quality of service (QoS) of delay-sensitive and computation-intensive access authentication tasks in a vehicle charging network system.

(2) Unified Trusted Access Authentication Model. To address the problem of heterogeneous terminal access in a vehicle charging network system, we designed a novel unified trusted access authentication (UTAA) model based on device fingerprints. Taking the feature of RF signal transmitted by terminals as the device fingerprint, the UTAA model provides a bypass authentication solution which is independent of the computing and storage capabilities of terminals. Via well-designed data construction and the powerful feature extraction capabilities of Swin-Transformer [9], the UTAA model effectively mitigates environmental interference and improves the robustness of fingerprint recognition. This ensures the reliability of access authentication. Moreover, benefiting from the feature extraction capabilities of Swin-Transformer, only a small amount of fingerprint data can accurately identify the legitimacy of terminals, which actually reduces the authentication overhead.

(3) Access Authentication Overhead Minimization. Although our UTAA model optimizes the authentication overhead for a single terminal, there still exists a heavy access authentication response latency for vehicle charging network systems with numerous and dynamic authentication requests. To further optimize authentication latency, authentication tasks that cannot be executed locally are transmitted to appropriate edge or cloud servers for cooperative execution. Then, the global access authentication response time can be expressed as the sum of transmission delay and authentication delay. With the goal of minimizing global access authentication response time, we design an authentication task scheduling scheme based on Advantage Actor Critic (A2C) [10] to decide which server the current authentication tasks are offloaded to for executing.

(4) Experimental Evaluation in Real Environment. We conduct comprehensive experiments to evaluate the proposed scheme in this paper. Experimental results demonstrate that the device fingerprints extracted by our UTAA model have environment stability, time stability, and location stability. Compared with traditional manual feature extraction schemes, the UTAA model reduces the number of packets required for authentication by two orders of magnitude, while ensuring superior authentication performance. Moreover, our end-edge-cloud collaborative authentication framework reduces the global authentication latency by about two times compared to the centralized processing schemes. Such results indicate that our solution can ensure trusted and reliable access authentication for a vehicle charging network system with large-scale heterogeneous terminals.

2. Related Work

The vehicle network system has to connect complex and massive terminals, which will give malicious terminals the opportunity to access. To ensure system security, trusted access schemes that allow legitimate terminals and deny illegal terminals are necessary. The common trusted access technologies are usually implemented based on cryptography [6,7,11,12]. Taking the PKI-based authentication scheme as an example, through the certification authority which verifies whether the current terminal is legal, the scheme can ensure that only trusted terminals have access [6,7]. This scheme has been widely adopted for quite some time, but there is a risk of key disclosure [13]. To overcome the shortcoming, some trusted authentication schemes combined with emerging potential technologies were proposed. For example, Lai et al. [14] proposed an authentication scheme based on 5G infrastructure, but the security of the 5G network architecture is still insufficient. Thanks to the distributed nature of blockchain, Guo et al. [15] proposed a PKI security enhancement scheme based on the blockchain, but there is a non-negligible energy overhead. Aiming to provide weightless and secure identity authentication, trusted authentication methods through fingerprint (i.e., biometric fingerprint [16], device fingerprint [17,18,19,20,21]) are expected to show their strengths.

Identifying the terminals legitimacy based on device fingerprints [17,18,19,20,21] is considered an innovative access authentication scheme. Due to the unique benign hardware defects that inevitably exist in the manufacturing process of terminal devices, there will be subtle differences in the RF signals emitted by different terminals. The subtle signal differences are impossible to forge, as existing strategies cannot calibrate this unique slight difference [22]. Thus, extracting device fingerprints from the channel state information (CSI) of RF signals is widely appreciated. Nevertheless, there are difficulties in extracting accurate device fingerprints based on CSI since the channel characteristics are easily affected by environmental interference. Firstly, buildings in the propagation path of individual subcarriers in the signal can cause varying degrees of transmission loss to the subcarriers, resulting in changes in the recovered CSI [23,24]. Secondly, in the case of such vehicle charging network systems with high terminal mobility and intensive human activities, the change of channel characteristics is more complicated [25]. These device fingerprints extracted from CSI, which change with the environment and location, will drastically reduce the accuracy of terminal legitimacy identification.

There have been several works dedicated to extracting fingerprints with environmental stability and location stability from CSI. For example, Hua et al. [26] pointed out that using the carrier frequency offset (CFO, which can be inferred from CSI) of the wireless RF signal as a device fingerprint can effectively improve the stability of fingerprint features. Liu et al. [27] proposed a solution that extracts the nonlinear phase error (which can be inferred from CSI) between different subcarriers of the RF signal as a device fingerprint. Specifically, nonlinear phase errors are due to in-phase/quadrature (I/Q) component imbalances or oscillator imperfections. This phase characteristic remains consistent among subcarriers and does not vary with location and external environment, which ensures the stability of device fingerprints. Similarly, Lin et al. [28] proposed a fingerprint extraction mechanism based on signal amplitude vibrations, and they further devised a method to remove amplitude disturbances such as those caused by resolution errors of variable gain amplifiers. Though the above works resist certain environmental and location interference, the authentication accuracy based on the device fingerprint under complex environments is still poor. This is because the current extraction of fingerprint features usually relies on the experience of experts to extract them manually. Manually extracted fingerprints may ignore some invisible features, causing invalid fingerprints in complex environments. Moreover, the above methods require more fingerprint data to ensure the accuracy of access authentication, which will lead to greater authentication overhead.

Since the authentication overhead of only a single terminal is already high, the authentication overhead in the vehicle charging network system connected by large-scale terminals with high concurrent access requests is even more immeasurable. Massive authentication tasks will cause heavy pressure on the system. To alleviate the pressure on the system, the cloud computing solution that uploads the authentication task to the central cloud server for processing is greatly appreciated [29,30,31]. However, there will be a certain queuing delay on account of the relatively long distance and less central cloud. Accordingly, distributed computing architecture solutions such as edge computing came into existence [32,33,34]. By distributing computing resources close to users, edge computing architecture can effectively overcome the shortcomings of centralized cloud architecture. Nevertheless, it is difficult to bear excessive computing requests because edge nodes usually have poor computing power. Once there are too many authentication requests within the scope of the edge server, queuing delays will inevitably occur. This therefore will introduce a problem of computational task offloading. To fully utilize the resources of edge computing and cloud computing, we consider an end-edge-cloud collaborative solution to process the massive authentication requests, which can provide a trusted access authentication service for vehicle charging network systems with large-scale terminals.

3. System Design

In this section, we introduce the detailed design of trusted access authentication scheme that can address the large-scale heterogeneous terminal access challenge faced by a vehicle charging network system.

3.1. Overview of the Framework

To address the challenges of large-scale heterogeneous terminals access authentication in vehicle charging network systems, we propose an End-Edge-Cloud Cooperation framework. The framework takes the advantage of edge computing and cloud computing to provide efficient and reliable authentication service for large-scale terminals. Moreover, our novel unified trusted access authentication (UTAA) model based on the robust and unforgeable terminal fingerprint characteristics offers a lightweight and fast authentication for the heterogeneous terminals in the framework.

As shown in Figure 1, the framework contains three layers. The first one is the center cloud layer equipped with a center cloud node. The center cloud node has sufficient computing and storage resources but may be far from the terminals. The second one is the edge cloud layer equipped with many edge cloud nodes. Each edge cloud node has many mobile edge computing (MEC) servers located between the center cloud and the terminals. Therefore, it has much more computing and storage resources than the terminals, but maybe less than the center cloud. Particularly, all the MEC servers at different edge cloud nodes can process the access authentication tasks cooperatively to provide feasible, secure, and scalable authentication services. In this way, it can improve the quality of service (QoS) for the access authentication tasks which are time-delay sensitive and computing-intensive. The third layer is the access request layer. At this layer, a tremendous amount of access requests is generated from different types of terminals. Many of them are limited in terms of computer and storage resources. This may prevent them from performing common authentication algorithms [6,7,11,12] that require encryption and decryption calculations.

To address the problem of heterogeneous terminals access authentication, in the proposed end-edge-cloud cooperative authentication framework, the center cloud node and all the edge cloud nodes are configured with our novel unified trusted access authentication (UTAA) model. The UTAA model provides a bypass authentication method based on the fingerprint characteristics extracted from the wireless signal between the terminal and the authentication nodes. Therefore, it is independent of the computing and storage ability of terminals. The access authentication response time contains transmission delay the UTAA model is two orders less than that of the previous studies [26,27,28]. This enables the UTAA model to largely reduce the authentication delay for a single terminal. Furthermore, combined with the elaborate design of data preprocessing, data expansion, data augmentation in constructing a model training dataset, the UTAA model can achieve accurate, robust, and fast authentication for heterogeneous terminals.

Although our UTAA model optimizes the authentication delay for a single terminal, there still exists a heavy access authentication response time overhead for large-scale vehicle charging network systems with numerous and dynamic authentication requests. If all the authentication tasks are offloaded to the center node, it must lead to a certain transmission delay caused by the heavy request traffic and the long transmission distance. Actually, it is inappropriate for heavy authentication requests to occupy too many core network processing resources. This is because it will hinder the processing of core services. However, if all the authentication tasks are offloaded to the edge cloud node nearest from the terminals locally, it may cause the inability of some nodes to process the task timely due to the imbalance authentication request distribution in space. As a result, our goal is to optimize the global access authentication response time by offloading the authentication task to the appropriate UTAA model collaboratively.

3.2. Unified Trusted Access Authentication (UTAA) Model

To address the limitations of the current device fingerprint-based authentication, we propose a unified trusted access authentication (UTAA) model. As shown in Figure 2, the UTAA model contains two key stages, i.e., model offline training and online access authentication. Before being deployed in a practical vehicle charging network system to process online access authentication tasks, we need to train a robust Swin-Transformer-based authentication module at the model offline training stage. As shown in Figure 2, the different steps of the model offline training stage are connected by the dotted arrows. We first collect the channel state information (CSI) from different terminals. Then, after the processes of data preprocessing, data expansion, and data augmentation in the step of constructing a model training dataset, we obtain diverse and sufficient input samples to train a robust and lightweight Swin-Transformer-based authentication module.

The arrows with solid line represent the steps of the online access authentication stage in Figure 2. The well-trained Swin-Transformer-based authentication module will be deployed in all the edge cloud nodes and the center cloud layer of the practical vehicle charging network system. Once an access authentication request is generated from a terminal, the UTAA model collects its channel state information (CSI) from the wireless signal between the terminal and the authentication nodes. After the step of data preprocessing, the valid phase and amplitude information are extracted from CSI and will be input to the Swin-Transformer-based authentication module for correct access authentication.

Unlike previous studies [26,27,28] that only manually extracted a single feature from the amplitude or phase information of CSI, we aim to extract unforgeable and robust hardware features from the amplitude and phase of the CSI as device fingerprints. By integrating with the vehicle charging network system, the Swin-Transformer-based terminal authentication scheme can provide bi-directional authentication between the charging system heterogeneous sensor terminals and edge nodes. It effectively reduces the security risks of existing authentication mechanisms. Moreover, our solution requires only a small number of packets to authenticate the access of a single terminal. This greatly eases the computational overhead of access authentication and reduces the network burden.

3.2.1. Constructing Model a Training Dataset

In order to obtain a robust and lightweight authentication model, we first need to construct a model training dataset with diverse and sufficient samples to address the problems of overfitting and instability caused by different environment interference. The training dataset construction is divided into three steps: (1) data preprocessing; (2) data expansion; (3) data augmentation. The purpose of data preprocessing is to extract valid phase and amplitude information from CSI. Then, the data expansion is responsible to expand the number of samples by using a sliding window to extract more samples from time-series CSI datasets. At last, data augmentation will largely enhance the sample diversity and further increase the number of samples to achieve a robust and correct access authentication model.

(1) Data Preprocessing. Orthogonal Frequency Division Multiplexing (OFDM) technology is widely used in 5G terminal equipment communication. Each OFDM signal consists of 64 subcarriers, including 52 orthogonal subcarriers and 12 additional null-subcarriers for calculating Inverse Fast Fourier Transform (IFFT). Channel State Information (CSI) is a sampled version of the Channel Frequency Response (CFR) and it directly reveals the phase, frequency, and amplitude information of the OFDM communication system channel. In addition, CSI is not only affected by propagation obstacles, signal reflections, and baseband data patterns, but also affected by the design of the signal processing circuit of the transmitter. Every signal processing circuit of different transmitters unavoidably has its unique and unforgeable hardware defect caused by the random errors in the production process [22]. Therefore, CSI can be used as the basis of trusted device identification.

• Remove invalid values. The extra 12 null-subcarriers are added for calculating the IFFT instead of transmitting the real communication data. The collected CSI from the 12 subcarriers is considered as invalid values. Since there is no channel state and hardware defect information in them, the invalid values should be removed. Then, 52 valid subcarriers are finally selected as model inputs.
• Extract amplitude and phase. A set of CSI ${\left\{H^k\right\}}_{k=1}^K$ is a set of K discrete samples of the CFR within the bandwidth, using the subcarrier frequency difference as the frequency sampling interval. K is 64 in the OFDM signal. The CSI value of the $k_{th}$ subcarrier is represented by a complex number $H^k$:

  $$H^k=I^k+j{Q}^k$$

  (1)

  where I is the real part and Q is the imaginary part. Based on Equation (1), the phase and amplitude of the $k_{th}$ subcarrier can be extracted according to the following two equations:

  $${\mathsf{\Phi }}^k={tan}^{-1}\left(\frac{Q^k}{I^k}\right)$$

  (2)

  $${\mathsf{\Psi }}^k=\sqrt{{\left(Q^k\right)}^2+{\left(I^k\right)}^2}$$

  (3)

  where ${\mathsf{\Phi }}^k$ and ${\mathsf{\Psi }}^k$ represent phase and amplitude of the $k_{th}$ subcarrier, respectively [27].
• Unwrap Phase. As shown in Equation (2), the arctangent function is required to calculate the system phase. Due to the limitation of the arctangent function, the calculated subcarrier phase will be phase-wrapped, i.e., there will be some jumps in the phase. While the true subcarrier phase is smooth, it is impossible that any jumps can occur. Therefore, in order to obtain the true subcarrier phase, an unwrapping operation is required. We randomly selected one data packet and calculated the raw phase of its 52 valid CSI subcarriers of a camera in our testbed. As shown in Figure 3a, there are some jumps in the raw phase. After the phase unwrapping is performed on the raw phase, the subcarrier phase tends to smooth out in Figure 3b.

Figure 3. Phase unwrapping.

Figure 3. Phase unwrapping.

(2) Data Expansion. Collecting CSI datasets is time-consuming and labor-intensive [35]. It is difficult even impossible to build a complete CSI dataset with enough number of samples in all possible authentication environments with different objects movements or weather conditions. Due to the above limitations, it may lead to over-fitting problems in the trained model, i.e., poor generalization of the models to fit the unknown data distribution. Furthermore, it is difficult for traditional machine learning and deep learning techniques to effectively extract device fingerprint features from a small number of CSI samples.

In order to obtain as many data samples as possible, we perform data expansion on CSI data at this step. The sliding window is a direct but effective data expansion method for time-series datasets. We can collect one CSI sample from the corresponding packet. Accordingly, the CSI data can be considered as time-series data. Naturally, the sliding window data expansion method can be applied to it. An example of data expansion using a sliding window is shown in Figure 4. By pre-setting the window size $\mathcal{L}$ as well as sliding stride S, the sliding window will slide forward the time-series CSI data over S CSI samples every time. In this way, the size of the datasets can easily be enlarged by $\mathcal{L}/S$ times finally.

(3) Data Augmentation. To further increase the number and diversity of training datasets, we introduce five data augmentation methods in this step. In reality, there may be unpredictable signal hiding, jitter, drift or interference caused by the changes of authentication environment, e.g., the movement of people, cars or weather variations. In order to enhance the robustness of terminal authentication for the device fingerprint extraction task, we use five specific data augmentation methods including adding Gaussian noise and the changes of dropout, crop, drift, and timewarp on the raw data to imitate the possible effect in different environments. In this way, the UTAA model can increase the diversity of training data and thus improve the augmentation stability against changeable environment interference. In particular, all the methods are applicable to both amplitude and phase data. What is more, they all can be easily applied to the model offline training stage. The detailed design of the five data augmentation methods is introduced as follows.

• Gaussian noise adding: Add an independent and identically distributed additive Gaussian noise with expectation $\mu =0$ and standard deviation $\sigma$ to the data according to the probability $P_g$. This method is a straightforward and basic way to improve the robustness of the model, which is to add random noise to the training data.
• Dropout change: Discard values of some random points in a series of data according to the probability $P_d$ and set the corresponding point value to the value of the previous point of the dropout point, which can imitate the loss of random points in practice.
• Crop change: Crop the subsequence with a randomly specified number of subcarriers according to probability $P_c$. To ensure consistent model input data format, the data are adjusted to a fixed length by linear interpolation. This method can imitate the loss of successive points in practice.
• Drift change: Make data values randomly and smoothly drift away from their original values according to probability $P_{dr}$. The degree of offset is controlled by the maximum offset u and the number of offset points v.
• TimeWarp change: Smoothly distort the time interval between samples according to probability $P_t$. The TimeWarp change can be used to change the temporal position of the samples.
  Based on our real training data collected from a camera, Figure 5 shows the effects of the five data augmentation methods used in our work. Figure 5a shows the raw phase data of 36 consecutive packets for the subcarrier with index $k=25$. Figure 5b shows the effect after applying an additive Gaussian noise with $\mu =0$ and $\sigma =0.1$ to the raw phase. Figure 5c shows the effect after randomly dropping out the points in the raw phase and setting the corresponding point value to the value of the previous point of the discarded point. Figure 5d demonstrates the effect of expanding the subsequence to the raw sequence length using linear interpolation after randomly cropping a subsequence from packet 30 to packet 35 for the raw phase. Figure 5e shows the effect after random drifts of the raw phase. Figure 5f shows the effect of smoothing the raw phase with time warping. From Figure 5, we can see that the sample diversity can be largely increased by the five data augmentation methods, and the number of samples is also increased.

3.2.2. Swin-Transformer-Based Authentication Module

Although we have constructed a robust training dataset after the operations of data preprocessing, data expansion, and data augmentation, a lightweight and effective authentication method is needed. It should extract effective characteristics from the dataset automatically to perform fast and robust access authentication. In 2021, researchers proposed Swin-Transformer [9]. Swin-Transformer uses a hierarchical Transformer structure with a shift-based self-attentive mechanism of non-overlapping windows, which gives Swin-Tansformer a faster computational speed and more flexible modeling capabilities. In this paper, we use Swin-Transformer as the backbone network to train the terminal class classifier. With the powerful feature extraction capability of our Swin-Transformer-based authentication module (STAM), we are able to extract multiple hardware features from the CSI as device fingerprints. The overall architecture of STAM is shown in Figure 6. We introduce the details of our careful design of input, multi-characteristics extraction, and output classification in STAM.

Input of STAM. The input of STAM can be considered as two “pictures” of length H, width W, where W denotes the number of valid subcarriers and H denotes the number of packets. Based on Section 3.2.1, we can see that W is 52. H can directly affect the speed and accuracy of access authentication. Intuitively, a larger H can provide more information to gain a more accurate classification and authentication but more collecting time and data processing time for a specific classification scheme are required. $A_{w,h}$ denotes the amplitude collected from the $w_{th}$ CSI subcarrier extracted from the $h_{th}$ packet, where $w\in \{0,W-1\}$ and $h\in \{0,H-1\}$. $P_{w,h}$ denotes the phase collected from the $w_{th}$ CSI subcarrier extracted from the $h_{th}$ packet. Therefore, the size of input is W × H × 2.

Multi-characteristics extraction of STAM. As shown in Figure 6, the input first passes through the block partitioning layer, which splits every “picture” into “sub-pictures” of size $2\times 2$. Every sub-block contains one “sub-picture” of amplitude and one “sub-picture” of phase. Consequently, each sub-block has a dimension of $2\times 2\times 2=8$. Each sub-block is then projected to dimension C through a linear embedding layer, thus the output size of this layer becomes $\frac{H}{2}\times \frac{W}{2}\times C$. The STAM backbone consists of four stages, with stages 1, 2 and 4 containing two blocks and stage 3 containing six blocks. After the Swin-Transformer layer and the block merge layer in stage 1, the sub-block size increases by $2\times 2=4$ times, and the sub-block dimension is converted to $2C$. Both stage 2 and stage 3 contain a Swin-Transformer layer and a block merge layer as stage 1, both of which increase the sub-block size of the previous stage by a factor of 4 and expand the sub-block dimension by a factor of 2. The output dimension of stage 3 is $\frac{H}{16}\times \frac{W}{16}\times C$ and stage 4 contains only the Swin-Transformer layer without changing the dimension. We collect the CSI samples and classification of every legal terminal in our training data. Their effective multi-characteristics with unique and unforgeable hardware defect information can be captured and recorded in the Swin-Transformer layers after offline training using supervised learning.

Output classification of STAM. The final output is classified after averaging the pooling layer with a multilayer perceptron. Because our training dataset has samples of all legal terminals, if a terminal is not in our training data, the output will label it as illegal. In this case, it will be denied to the network. Otherwise, it is labeled as legal and allowed to access the network. What is more, if it is labeled as legal, STAM also output its specific classification. An example of output is illustrated in

Table 1. Output examples and the corresponding network access control.

Number	Class	Access Network (Y/N)
0	illegal terminal	No
1	legal camera	Yes
2	legal smoke sensor	Yes
3	legal fire sensor	Yes
4	legal voltage sensor	Yes

.

The number of packets H is the key to affect the speed of access authentication [27]. If a classification scheme has the ability to extract more effective information from less packets, it will achieve faster classification while maintaining high accuracy. Benefits from the robust multi-characteristics extraction capability, the number of packets of STAM to obtain equal or more accurate authentication is two orders less than that of the previous studies [26,27,28] based on the extensive evaluations in Section 4. This enables our UTAA model to largely reduce the authentication delay for a single terminal.

3.3. End-Edge-Cloud Cooperative Authentication Task Scheduling

Though the UTAA model optimizes the authentication delay of a single terminal, the authentication response time overhead for a vehicle charging network system with massive terminal access is still extremely heavy. In order to alleviate the authentication pressure, the authentication task can be delivered to the center cloud nodes with sufficient computing and storage resources for processing. However, it is difficult for the center cloud node, which is small in number and far away from the terminal, to process dynamic numerous authentication requests in real time. Moreover, the number of edge nodes is large and close to the terminal, but it is difficult to handle high concurrent authentication tasks due to their less computing and storage resources. To provide efficient authentication services for vehicle charging network system, we therefore consider a distributed end-edge-cloud collaborative solution that combines the advantages of cloud nodes and edge nodes. By dynamically offloading the authentication task to appropriate nodes, our solution is able to minimize the global authentication response time overhead.

To dynamically solve the optimal authentication task scheduling scheme, we model the end-edge-cloud collaborative solution in advance. As illustrated in Figure 1, we consider a trusted access authentication architecture consisting of a set of terminals $\mathcal{N}=\left\{1,2,\dots ,N\right\}$ that initiate authentication requests, a series of edge nodes $\mathbf{E}=\left\{1,2,\dots E\right\}$ with certain computing resources, one remote cloud node c with sufficient computing resources, and local computing node l in a vehicle charging network system.

Each edge node $e\in \mathbf{E}$, cloud node c, and local node l are deployed with the UTTA model for authenticating whether the terminal is trusted. Only trusted terminals are allowed to access. Accordingly, we mathematically formulate the problem of minimizing the authentication response latency and solve it based on the A2C algorithm. Details are as follows.

3.3.1. Task Scheduling Decision

The authentication tasks that cannot be executed by the local node l in the vehicle charging network system will be transmitted to the network operator. At each time slot t, the network operator should decide which external node should be used (i.e., edge node $e\in \mathbf{E}$ or cloud node c) to schedule the trusted authentication task. For ease of notation, we use $\overline{\mathbf{E}}=\left\{\mathbf{E}\cup c\cup l\right\}$ to denote all computation nodes (i.e., edge nodes $\mathbf{E}$, cloud node c, and local node l), and $i\in \overline{\mathbf{E}}$ to indicate each computation node. Then, the computation capacities of each computation node i can be represented by ${{\rm Y}}^i$. To indicate the authentication task scheduling decision of terminal $n\in \mathcal{N}$ at time slot t, we introduce a binary variable $x_{n,i}^t$. Specifically, $x_{n,i}^t=1$ if the authentication task initiated by n is offloaded to the external computation node for executing. In addition, $x_{n,i}^t=0$ if the authentication task is executed by the local node l. Accordingly, we obtain the following constraints:

$$\begin{array}{c}\hfill x_{n,i}^t\in \{0,1\}\\ \hfill \sum _{i\in \overline{\mathbf{E}}}{x}_{n,i}^t=1\end{array}$$

(4)

3.3.2. Transmission Delay

Since authentication tasks need to be transmitted to an edge node e or cloud node c, transmission delay will inevitably occur when the authentication task is executed by external node. Specifically, a vehicle charging network system transmits the terminal n’s authentication task to the external computing node through wireless channel applying the general OFDM technology. In addition, there is no transmission process if the authentication task is executed by local node l. We denote the average noise power of wireless channel interference as ${ϵ}_{n,i}$, the power to transmit the authentication task as $P_{n,i}$, and channel power gain which can be predicted by the network operator as $h_{n,i}^t$. Then, according to the Shannon formula, the wireless transmission rate $R_{n,i}^t$ between terminals n and computing node i when the average link bandwidth is B can be expressed as:

$$\begin{array}{c}\hfill R_{n,i}^t=Blo{g}_2(1+\frac{h_{n,i}^t·P_{n,i}}{{ϵ}_{n,i}})\end{array}$$

(5)

Assuming that the size of terminal n’s authentication task transmitted by a vehicle charging network system to the computing node i is ${\mathsf{\Lambda }}_n^t$, then the transmission delay $d_{n,i}^{tr}\left(t\right)$ at time slot t can be expressed as:

$$\begin{array}{c}\hfill d_{n,i}^{tr}\left(t\right)=\frac{{\mathsf{\Lambda }}_n^t}{R_{n,i}^t}{x}_{n,i}^t\end{array}$$

(6)

3.3.3. Authentication Delay

To respond quickly to the massive authentication requests, we consider that the terminal n’s authentication tasks can be scheduled to different external nodes $i\in \overline{\mathbf{E}}$ for execution. In this case, the total authentication response delay includes not only the transmission delay $d_{n,i}^{tr}\left(t\right)$, but also the authentication delay $d_{n,i}^{au}\left(t\right)$ for executing terminal n’s authentication tasks by UATT models deployed on local node l and each external node i. According to the UTAA model described in Section 3.2, the authentication delay $d_{n,i}^{au}\left(t\right)$ mainly contains the time overhead caused by data preprocessing and terminal legitimacy identification based on swin-transformer. The time overhead caused by these two procedures is proportional to the total number of terminals N in the vehicle charging network system. Using ${\delta }_{n,i}$ to indicate the computational requirements that are related to the total number of terminals N, and ${\gamma }_{n,i}^t$ to indicate the allocated computing resources for terminal n at computation node i, then the authentication delay $d_{n,i}^{au}\left(t\right)$ at time slot t can be expressed as:

$$\begin{array}{c}\hfill d_{n,i}^{au}\left(t\right)=\frac{{\mathsf{\Lambda }}_n^t·N{\delta }_{n,i}}{{\gamma }_{n,i}^t}{x}_{n,i}^t\end{array}$$

(7)

3.3.4. Objective Function

In order to quickly respond to the authentication requests of large-scale terminals in the vehicle charging network system, our goal is to minimize the global authentication response latency that contains transmission delay $d_{n,i}^{tr}\left(t\right)$ and authentication delay $d_{n,i}^{au}\left(t\right)$. Let ${\omega }_1^t$ and ${\omega }_2^t$ represent the weights of transmission delay $d_{n,i}^{tr}\left(t\right)$ and authentication delay $d_{n,i}^{au}\left(t\right)$, respectively, then the objective function of our optimization problem can be expressed as:

$$\begin{array}{cc}\hfill P1:& min\mathbb{E}(\{\sum _{t=1}^T\sum _{n=1}^N\sum _{i=1}^{|\overline{\mathbf{E}}|}{\omega }_1^t{d}_{n,i}^{tr}\left(t\right)+{\omega }_2^t{d}_{n,i}^{au}\left(t\right)\})\hfill \end{array}$$

(8)

$$\begin{array}{cc}\hfill s.t.& C1:x_{n,i}^t\in \{0,1\}\hfill \end{array}$$

(9)

$$\begin{array}{cc}\hfill & \hfill C2:\sum _{i\in \overline{\mathbf{E}}}{x}_{n,i}^t=1\hfill \end{array}$$

(10)

$$\begin{array}{cc}\hfill & \hfill C3:\sum _{n=1}^N{\gamma }_{n,i}^t\le {{\rm Y}}_i\left(t\right)\hfill \end{array}$$

(11)

where constraint $C1$ restricts that the authentication task scheduling decision is a binary vector with values 0 and 1, that is, the authentication task is either executed by a local node or by an external node. Constraint $C2$ restricts that terminal n’s authentication task can only be executed by one computing node i at time slot t. Using ${{\rm Y}}^i$ to denote the total computational power of computing node i, constraint $C3$ restricts that the allocated computing resources for terminal n at computation node i cannot exceed the total computational power of computing node i.

3.3.5. A2C-Based Authentication Task Scheduling Algorithm

To solve the objective function and overcome the dynamical authentication request in a vehicle charging network system, we propose a task scheduling algorithm based on A2C reinforcement learning. The optimal scheduling policy $\pi$ that minimizes the objective function is learned by the agent (i.e., the network operator in the remote cloud) through interacting with the environment over time. Specifically, we have:

(1)

State space: The state space $\mathcal{S}$ of this algorithm can be defined as $\left\{h_{n,i}^t,{\mathsf{\Lambda }}_n^t,a_{t-1},{\gamma }_{n,i}^t\right\}$, where the $a_{t-1}$ represents the scheduling decisions at the last time slot.

(2)

Action space: The action space $\mathcal{A}$ is defined as ${\left\{x_{n,i}^t\in \left\{0,1\right\}\right\}}_{N\ast (E+2)}$. As a $N\ast (E+2)$ matrix, $\mathcal{A}$’s rows denote a set of terminals $\mathcal{N}$, and $\mathcal{A}$’s columns indicate a series of computation nodes (i.e., E edge nodes, one cloud node, and one local node).

(3)

Reward: Since the objective is to minimize the total authentication delay, the total accumulated reward $R_t$ can be defined as $R_t={\sum }_{t=1}^{\infty }{\delta }^{t-1}{r}_t$ $=-{\sum }_{t=1}^{\infty }{\sum }_{n=1}^N{\sum }_{i=1}^E{\delta }^{t-1}$ $({\omega }_1^t{d}_{n,i}^{tr}\left(t\right)+{\omega }_2^t{d}_{n,i}^{au}\left(t\right))$, where $\delta$ means the discount factor.

According to A2C reinforcement learning, the agent that learns authentication task scheduling will introduce two neural networks to approximate actor and critic, respectively. Specifically, the actor with parameter ${\theta }_{\pi }^n$ maintains a policy function ${\pi }_n\left(a_t^n\right|s_t^n;{\theta }_{\pi }^n)$ to control the authentication task scheduling action. By estimating the value function $V_n(s_t^n;{\theta }_v^n)$, the critic with parameter ${\theta }_v^n$ can evaluate the pros and cons of an actor’s certain state. Based on critic’s each evaluation results, the actor will continuously update policy function ${\pi }_n\left(a_t^n\right|s_t^n;{\theta }_{\pi }^n)$. The gradient update formula of the policy function $\mathsf{\Delta }{\theta }_{\pi }^n$ can be expressed as:

$$\begin{array}{c}\hfill \mathsf{\Delta }{\theta }_{\pi }^n=\alpha ·{▿}_{{\theta }_{\pi }^n}log{\pi }_n\left(a_t^n\right|s_t^n;{\theta }_{\pi }^n)·A(s_t^n,a_t^n;{\theta }_{\pi }^n,{\theta }_v^n)\end{array}$$

(12)

where $\alpha$ is the learning rate, ${▿}_{{\theta }_{\pi }^n}log{\pi }_n\left(a_t^n\right|s_t^n;{\theta }_{\pi }^n)$ is the policy gradient that controls the direction of parameter updates, $A(s_t^n,a_t^n;{\theta }_{\pi }^n,{\theta }_v^n)$ indicates “advantage”, and $R_t-V_n\left(s_t^n\right)$ means the advantage of action $a_t$ at state $s_t$. Details of the proposed solution for optimizing the global access authentication time are described in Algorithm 1. Specifically, the operator agent first selects a scheduling decision $a_t^n$ for authentication tasks each time according to actor policy. Then, the actor executes the $a_t^n$ to obtain the authentication latency $R_t$, while the critic computes the advantage function $A(s_t^n,a_t^n;{\theta }_{\pi }^n,{\theta }_v^n)$ based on the $R_t$ over time, and evaluates the policy. Finally, the parameters ${\theta }_{\pi }^n$ and ${\theta }_v^n$ will be updated until the optimal task scheduling policy is obtained. Detailed flowchart of the algorithm operation is shown in Appendix B.

Algorithm 1 A2C-based Task Scheduling Algorithm

1: Input: $\mathcal{N}$, $\mathbf{E}$, ${{\rm Y}}^i$, B, $h_{n,i}^t$; 2: Output: scheduling decisions $\mathcal{A}$, global access authentication response time $R_t$; 3: Initialization: ${\theta }_{\pi }^n$, ${\theta }_v^n$, number of training iterations $R_{max}$, number of time steps in each episode $T_{max}$. 4: End initialization 5: for $r=1,2,\dots ,R_{max}$ do 6:    for $t=1,2,\dots ,T_{max}$ do 7:      for $n=1,2,\dots ,N$ do 8:         Select authentication task scheduling decision from policy $a_t^n\sim {\pi }_n\left(a_t^n\right|s_t^n;{\theta }_{\pi }^n)$; 9:         Execute authentication task scheduling decision $a_t^n$ and observe the state at next time slot $s_{t+1}^n$ and reward $R_t$; 10:      end for 11:    end for 12:    Evaluate the policy by advantage function $A(s_t^n,a_t^n;{\theta }_{\pi }^n,{\theta }_v^n)$; 13:    Update network parameters ${\theta }_{\pi }^n\leftarrow {\theta }_{\pi }^n+\mathsf{\Delta }{\theta }_{\pi }^n$ and ${\theta }_v^n\leftarrow {\theta }_v^n+\mathsf{\Delta }{\theta }_v^n$. 14: end for

4. Evaluation

In this section, we conduct comprehensive experiments to evaluate the performance of our end-edge-cloud collaborative trusted access authentication which is carefully designed for large-scale heterogeneous terminals in a vehicle charging network system.

4.1. Evaluation Setup

We build a CSI adcquisition device using a Raspberry Pi, a wireless network card, an ESP32 module, and an IPEX antenna. The physical picture of the acquisition equipment and a brief introduction are shown in Appendix A. To monitor a practical and normal charging environment, we collect CSI data from 43 wireless terminals in two authentication environment cases. The first is a large open space nearly without signal occlusion and object movement. The second is an indoor test scene as illustrated in Figure 7. We also collect CSI data of terminals in different locations $L=\left\{L1,L2,\dots ,L6\right\}$. In this case, there exists signal occlusion and interference caused by unpredictable movements of people and indoor objects. This case is the default case in our performance studies. After collecting 2.4 GB of CSI, we finally obtain a dataset with 848,386 CSI samples. For data expansion, the window size $\mathcal{L}$ is set to 5 and the sliding stride S is set to 3. The probability parameters $P_g$, $P_d$, $P_c$, $P_{dr}$, and $P_t$ used for data augmentation in Section 3.2.1 are set as 0.1, 1.0, 1.0, 0.2, 1.0, respectively. Specifically, the maximum offset u and the number of offset points v for drift change are 0.8 and 3, respectively. The dimension number C of the STAM sub-block is set to 128. The number of packets H is 20 by default.

For comparison, we implement 3 state-of-the-art terminal identification schemes that are based on device fingerprints extracted from CSI as our baseline. It includes PE-Au [27] that extracts the phase error (PE) from CSI as device fingerprint for access authentication, CFO-Au [26] that extracts carrier frequency offset (CFO) from CSI as device fingerprint for access authentication, and NF-Au [28] that extracts power amplifier nonlinear features (NF) from CSI as device fingerprint for access authentication. For the baseline schemes, we adopt the default parameters taken from the corresponding literature. To further assess the impact of data expansion and data augmentation, we also implement the method UTAA-wo-Exp by removing the design of data expansion in Section 3.2.1, the method UTAA-wo-Aug by removing the design of data augmentation in Section 3.2.1. The method UTAA-wo-Exp&Aug denotes the version of UTAA without applying data expansion and augmentation.

According to the extensive evaluations of UTAA, the practical authentication overhead for a single terminal can be achieved. To further evaluate the global access authentication response time of the proposed authentication task scheduling scheme, we simulate large-scale access authentication requests under Python 3.6 and the TensorFlow framework. Specifically, we use the T-Drive Taxi Trajectories [36] to indicate the location of terminals. The locations of edge nodes are determined by terminals’ distribution within longitude range [116.0, 116.8] and latitude range [39.5, 40.3]. Moreover, the computing capacities of edge node ${{\rm Y}}^e$, local node ${{\rm Y}}^l$, and cloud node ${{\rm Y}}^c$ are uniformly distributed in [10, 20] GHz, [0.5, 1.5] GHz, and 100 GHz, respectively. Based on [37], the wireless network bandwidth B is 10 MHz. The average noise power ${ϵ}_{n,i}=1e^{-3}$. The power that a terminal can provide is $P_{n,i}\sim [5,100]$ mW. For the neural network parameters, the learning rate is 0.05, $\delta =0.95$, batch size is 300, and the number of hidden units of actor and critic neural network is 256. Particularly, the classic stochastic gradient descent will be used in our algorithm.

All the evaluations are conducted on a server equipped with 24 CPU kernels (Intel Xeon CPU E5-2620 v2@2.10GHz) and 128 GB of RAM.

4.2. Accuracy and Delay Analysis of UTAA

4.2.1. Performance Comparison

In

Table 2. Performance comparison of different baselines.

Number	Feature	Accuracy	Authentication Delay	Number of Packets
0	PE-Au	97.30%	20 s	5000
1	CFO-Au	96.00%	10 s	2000
2	NF-Au	96.55%	20 s	4000
3	UTAA	98.49%	1.8 s	20

, all the schemes gain high accuracy larger than 0.96, while the authentication delay for a single terminal is largely different. We can see that UTAA achieves the best accuracy and authentication delay performance against other algorithms. Specifically, the accuracy of UTAA is about 0.98 and the authentication delay of UTAA is 1.8 s. CFO-Au gains the second smallest authentication delay of about 10 s. The authentication delay of PE-Au and NF-Au is all about 20 s. The rate of packets is generally stable for a specific terminal. From Table 2, we can see that a larger number of packets will lead to a larger authentication delay. This further validates that the number of packets H is the key factor to affect the speed with enough accuracy. It demonstrates that the number of packets to obtain enough accuracy of the UTAA model is two orders less than the baselines. This further validates that the proposed UTAA has the ability to extract more effective information from less packets while maintaining high accuracy. PE-Au and NF-Au have the same authentication delay but NF-Au has less packets than PE-Au. This may be because NF-Au has a larger computation delay than PE-Au.

4.2.2. Accuracy over Different Packet Number

In this section, we vary the number of packets to evaluate the accuracy in Figure 8. In terms of the number of packets, a small H may lose necessary information and achieve poor accuracy performance, while a large H may enlarge the time cost but gain high accuracy performance. As Figure 8 shows, when H is 5, the accuracy of UTAA is only about 0.9. When H is larger than 10, UTAA achieves a high and stable accuracy performance about 0.98. The stable performance of high accuracy demonstrates the robustness of UTAA over the parameter H.

4.2.3. Impact Study of Data Expansion and Data Augmentation

To dive into the impact of data expansion and data augmentation, we evaluate the performance of the two components of UTAA separately in Figure 9. We can see that UTAA achieves high accuracy above 0.98, while UTAA-wo-Exp&Aug achieves the worst performance with accuracy less than 0.7. When removing either the data expansion component or the data augmentation component, the performance decreases significantly. This validates the high accuracy gain of the combined design of data expansion and data augmentation in UTAA. Interestingly, the performance of UTAA-wo-Exp is significantly better than the performance of UTAA-wo-Aug. This may be because data augmentation has a stronger ability to enlarge the richness of SCI samples than data expansion.

4.3. The Stability Performance of Device Fingerprint Extracted by UTAA

The accuracy and robustness of access authentication schemes based on device fingerprints are strongly related to the stability of device fingerprints. It is obvious that the more stable the extracted fingerprint features are, the better the subsequent terminal legitimacy identification will be. To evaluate the stability performance of our UTAA model for extracting device fingerprints, we conduct detailed experiments in different environments, different times, and different locations. By collecting and saving a certain amount of device fingerprints of test terminals in advance, we obtain a device fingerprint library. Using the cosine similarity between fresh fingerprints extracted under various cases and the fingerprints stored in the library to characterize the fingerprint stability, we evaluate the environmental stability, time stability, and location stability of the device fingerprint extracted by the UTAA model, respectively, as illustrated in Figure 10.

4.3.1. Stability Analysis in Different Environment

As shown in Figure 10a, we evaluate the environmental stability of device fingerprints of six terminals (i.e., $T1,T2,\dots ,T6$) extracted by UTAA in a large open outdoor scene, and in an indoor scene with normal signal occlusion and object movement, respectively. It can be clearly found that each block in Figure 10a has a darker color, which means that our UTAA model is capable of extracting environmentally stable fingerprints for various terminals in practical environments including indoors and outdoors. Particularly, the device fingerprint of terminal $T2$ can be extracted with a stability of 0.99 in a large and open outdoor environment. In a more complex and practical indoor environment, the device fingerprint extracted by UTAA has a stability of at least 0.86, or even 0.96, which implies the satisfactory practical value of UTAA.

4.3.2. Stability Analysis over Time

Similarly, we evaluate the time stability of device fingerprints by extracting the device fingerprints of six terminals based on UTAA at different times during the ten days from 15 December 2021 to 24 December 2021. As shown in Figure 10b, the blocks representing the device fingerprint stability of the 6 terminals within these ten days all have relatively dark colors, especially the blocks of terminal $T2$ from 17 to 24 December. This indicates that the device fingerprints of various terminals extracted at different time periods maintain considerable similarity (at least 0.8) with the fingerprints in the library. That is, device fingerprints extracted by the UTAA model will not be interfered by time.

4.3.3. Stability Analysis over Location

As shown in Figure 10c, we also evaluate the location stability of device fingerprints extracted by UTAA model through testing cosine similarity between the fingerprints of six terminals (i.e., $T1,T2,\dots ,T6$) in six different locations (i.e., $L1,L2,\dots L6$) and the device fingerprint library. It can be found that all color blocks have a cosine similarity higher than 0.8, which means the considerable stability of device fingerprints extracted in different locations. In particular, there are some fingerprints such as those from terminal $T2$ extracted at local $L1$ and $L5$ with location stability as high as 0.98. Thus, UTAA will achieve satisfactory location stability in practice.

4.4. Performance Study of Authentication Task Scheduling

The convergence of training: To verify the effectiveness of the proposed A2C-based authentication task scheduling scheme in solving optimization problems, we first evaluate how our algorithm loss converges in training iterations. The critic loss over training iteration with the number of terminals $N=50$ is elaborated in Figure 11. It can be found that the critic loss decreases rapidly in the first 80 iterations and then oscillates steadily. In addition, the training process of the proposed algorithm can converge quickly. This means that our scheduling scheme can quickly and efficiently select the optimal authentication task execution node with the goal of minimizing the global authentication latency.

The scheme performance comparison: We compare the performance of the proposed authentication task scheduling scheme with the local only scheme and the Cloud only scheme when the number of terminals is 20, 30, 40, 50, 60. As shown in Figure 12, the proposed scheme can obtain the smallest authentication latency, i.e., better authentication performance. Moreover, offloading the authentication tasks to the remote cloud, although it results in a larger transmission latency, the obtained authentication latency is smaller compared to the local only scheme. In other words, computing all authentication tasks locally will result in the worst authentication performance.

5. Conclusions and Discussion

In this paper, we proposed a robust and lightweight trusted access authentication solution for terminals in a vehicle charging network system. By well-designed device fingerprint extraction and End-Edge-Cloud Collaborative fingerprint identification, our solution effectively addresses the difficulty of real-time unified authentication for large-scale heterogeneous terminals faced by the system. This will contribute to the security of the Internet of Vehicles, which is under intense development. Moreover, although the solution in this paper is designed for vehicle charging networks, it can actually be applied to many other systems with similar challenges.

However, there are still shortcomings in our work. First, although our solution achieves high authentication accuracy, the swin-transformer network with large volume and many parameters will inevitably lead to relatively high resource overhead. In response to this problem, in the future, we will further explore a lightweight trusted access scheme that can balance authentication accuracy and resource overhead. Second, in this paper, a part of our dataset is obtained through data expansion and data augmentation. This improves data richness to some extent, but the effect is limited. Therefore, one of our future tasks is to collect more data from the real environment to build a more complete dataset.